Terraform Q&A - HashiCorp User Group Oslo
2 likes312 views
This document summarizes a meetup for the HashiCorp User Group in Oslo. The meetup agenda includes an introduction to the user group, a Terraform Q&A session, and opportunities for attendees to become speakers. The document also provides answers to some frequent Terraform questions, such as why to use Terraform over other infrastructure as code tools and how to handle secrets. Additional resources are referenced for learning more about Terraform best practices and tools.
Terraform Q&A - HashiCorp User Group Oslo
- 1. HashiCorp User Group Oslo 20.11.2017 https://meetup.com/Oslo-HashiCorp-User-Group/
- 2. Food sponsor: Agenda - initial commit 1. About this user group 2. Terraform questions & problems 3. Terraform Q&A Want to be a speaker? Send an email - [email protected]
- 3. About this user group This HashiCorp User Group Oslo is the place where interested people gather once every couple months to learn from each other about HashiCorp products— what we do, how we do it, and how can we do it differently. While I generally strive to make such meetups interesting for the participants, I am often against the repetitive talks which can be found online easily. Latest editition: 20.11.2017 Anton Babenko, CEO at Betajob linkedin.com/in/antonbabenko github.com/antonbabenko [email protected] Keywords: All-5 AWS certified, DevOps, infrastructure as code, automation, open-source, community member and events organiser, Terraform modules, solution architectures, serverless. About me
- 6. Featuring... Write, Plan, and Create Infrastructure as Code
- 7. Terraform 101 (main.tf) provider "aws" { region = "eu-west-1" } resource "random_pet" "bucket" {} resource "aws_s3_bucket" "app" { bucket = "hi-${random_pet .bucket. id}" website { index_document = "index.html" } } data "template_file" "index" { template = "${file("index.html")}" vars { BUCKET = "${aws_s3_bucket .app.website_endpoint }" } } resource "aws_s3_bucket_object" "object" { bucket = "${aws_s3_bucket .app.id}" key = "index.html" content = "${data. template_file .index.rendered }" etag = "${md5(data. template_file .index.rendered )}" content_type = "text/html" acl = "public-read" } output "app_website_endpoint" { value = "${aws_s3_bucket .app.website_endpoint }" } index.html can access: ${BUCKET} $ terraform init $ terraform plan $ terraform apply Apply complete! Resources: 3 added, 0 changed, 0 destroyed. Outputs: app_website_endpoint = hi-feasible-basilisk.s3-website-eu-west-1.a mazonaws.com
- 8. Frequent Terraform Questions (FTQ)
- 9. Why Terraform and not AWS CloudFormation/Azure ARM templates/Google Cloud Deployment Manager? Terraform manages 70+ providers, has easier syntax (HCL), has native support for modules and remote states, has team-work features. Terraform is an open-source project (640 - AWS provider, 1100 - core). https://medium.com/@piotrgospodarek/cloudformation-vs-terraform-990318d6a7de https://cloudonaut.io/cloudformation-vs-terraform/ https://www.slideshare.net/AntonBabenko/continuously-delivering-infrastructure-using-terrafo rm-and-packer-training-material
- 10. Tord P.: What is the point of using these tools if you’re running AWS only, e.g. isn’t Terraform just a an unnecessary abstraction, why not stick to CloudFormation? Terraform manages 70+ providers, has easier syntax (HCL), has native support for modules and remote states, has team-work features. Terraform is an open-source project. Abstractions (primitives and modules) are necessary and easily available (Terraform Registry).
- 11. What are the most common tools/solutions out there? ● Terraform Module Registry to discover modules for common infrastructure configurations for any provider - https://registry.terraform.io/ (I maintain verified AWS modules there) ● Thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules - https://github.com/gruntwork-io/terragrunt ● Terraform linter for detecting errors that can not be detected by `terraform plan` - https://github.com/wata727/tflint ● Terraform version manager - https://github.com/kamatama41/tfenv This list is much longer, really…
- 12. How to handle secrets in Terraform? 1. Can you accept secrets to be saved in state file in plaintext? Probably not. a. AWS IAM password & access secret keys - use PGP as keybase.io b. AWS RDS - set dummy password and change after DB is created c. AWS RDS - use iam_database_authentication_enabled = true d. EC2 instance user-data + AWS KMS 2. Other options: a. Secure remote state location (S3 bucket policy, KMS key)
- 13. How to get started? 1. Install and getting started - https://www.terraform.io/intro/getting-started/install.html 2. Get infrastructure modules from Terraform Registry. For example, AWS modules - https://registry.terraform.io/modules/terraform-aws-modules 3. Follow instructions in README.md, check examples, open issues and pull requests.
- 14. Frequent Terraform Problems (FTP)
- 15. Upgraded Terraform version, and there is a breaking bug, so I want to rollback, but I can’t because state file has been upgraded already. ● State file should be versioned (!), download previous version of state file, run “terraform state push old_version.tfstate” ● Lock terraform version, lock module and providers version (new in 0.11) ● Read upgrade guides and CHANGELOG.md files: ○ https://www.terraform.io/upgrade-guides/0-11.html ○ https://github.com/hashicorp/terraform/blob/master/CHANGELOG.md ○ https://github.com/terraform-providers/terraform-provider-aws/blob/master/CHANG ELOG.md
- 16. What is your Terraform question or problem? PS: Maybe something about testing? Versioning? Code structure? Working as a team? CI/CD? Automation? Integration with other tools? https://modules.tf/ ? Code generation? Missing tools/features? Syntax sugar (features and types of variables)? How to contribute?
- 17. Thanks! https://www.terraform.io/ https://github.com/terraform-aws-modules/ https://www.slideshare.net/AntonBabenko/continuously-delivering-infrastructure-using-terrafo rm-and-packer-training-material https://github.com/arun-gupta/kubernetes-aws-workshop/issues/135 - "Add Terraform template for cluster creation”